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DETAILED ACTION 

1 . This action is response to communication: amendment filed on 09/19/2008. 

2. Claims 1-7 and 14-23 are currently pending in this application. Claims 1 and 14 
are independent claims. Claims 8-13 have been cancelled. 

3. No IDS was received for this application. 



Response to Arguments 

4. Applicant's arguments filed 09/1 9/2008 have been fully considered but they are 
moot in view of new ground(s) of rejection 

5. The Applicants have amended the claims to recite that a connector, and not a 
card reader, connects the smart card to a telephone. This however, does not overcome 
the art. This makes the claims even more broad, and the Landry reference can be read 
differently. 



Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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7. Claims 1,14, and 23 are rejected under 35 U.S.C. 102(e) as being unpatentable 
over Landry et al US Patent No. 6,687,350 (hereinafter Landry). 

As per claim 1 , Landry teaches a method for a second operation of 
authenticating a user and securing an online transaction over a telephone, comprising: 
providing a connector connecting a smart card to a telephone (Figure 2 item 30, with the 
analogue front-end unit; col. 5 lines 20-35); transmitting from the smart card at least an 
identification sequence for the user to an IRV server connected to a telephone line in 
the form of a modulated signal (col. 10 lines 25-30; col. 5 lines 1-22; col. 6 lines 5-29; 
Figures 2,3; also col. 5 lines 13-35, wherein the signal is modulated as it goes through 
modem 26); demodulating the identification sequence at the IVR server (It is inherent 
that the signal is demodulated, as a modulated signal must be demodulated in order for 
the data to be useful and processed; also occurs at the IVR server (col. 5 lines 1-10) ); 
and authenticating the user and the transaction at an application server receiving the 
demodulated identification sequence from the IVR server over a communication 
network wherein data processing required for generating, transmitting, and 
authenticating the user occur without data processing assistance from the connector 
(col. 8 line 45-65; col. 10 lines 1-35; Figure 5, and abstract, wherein the application 
server controls the functions of the smart card reader). 

Claim 14 is rejected using the same basis of arguments used to reject claim 1 
above. A card reader connected to a telephone is taught throughout the reference, 
such as in Landry Figure 1a and 1b. It is inherent that a telephone is connected to a 
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telephone line. An IVR server connected to the telephone line is taught throughout the 
reference, such as in Figures 1, 2, 3, and col. 5 lines 1-12. 

As per claim 23, Landry teaches wherein the card reader is further integrated into 
the telephone handset (col. 2 lines 45-68). 



Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 2-3 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Landry as applied above, and further in view of Chang et al. US Patent No. 6,715,082 
(hereinafter Chang). 

As per claim 2, Landry teaches a credit card number in col. 1 lines 25-29, which 
is a unique number. However, Landry and Brown do not explicitly teach the use of one 
time keys on a smart card. These are well known in the art, as can be seen in Chang 
col. 2 lines10-25. 

At the time of the invention, it would have been obvious to include random one- 
time keys to be stored on smart cards. One of ordinary skill in the art would have been 
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motivated to perform such an addition to increase security. This is taught by Chang in 
col. 2 lines 11-15. 

As per claim 3, the one-time password taught by Chang in col. 2 lines 10-25 is a 
key used in a session. It is taught in Chang that this one time password/key is not 
transmitted to an authentication server, as it is only transmitted to an access server. 

Claim 15 is rejected using the same basis of arguments used to reject claim 2 

above. 

Claim 16 is rejected using the same basis of arguments used to reject claim 3 

above. 



1 0. Claims 4 and 1 7 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Landry and Chang as applied above, and further in view of Brinkmeyer et al. US Patent 
No. 5,619,573 (hereinafter Brink). 

As per claim 4,, the Landry combination does not explicitly teach wherein the 
session key is a function of a previous key. However, this is taught by Brink, such as in 
col. 3 lines 60 to col. 4 line 25. This would be inherently known by an authentication 
server, as the authentication server needs to know the key in order to verify if it was 
valid or not. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include using a previously known key. One of ordinary skill in the art would 
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have been motivated to perform such an addition to create more security. As they are 
one way functions, it would be extremely difficult to determine the previous keys unless 
they were known. By using previous keys, it would increase security, as it would almost 
guarantee that the key was actually known by the user and the authentication server, 
and not a malicious middle man. 

Claim 17 is rejected using the same basis of arguments used to reject claim 14 

above. 

1 1 . Claims 5-7 and 1 8-20 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Landry, Chang, and Brink as applied above, and further in view of Bruce 
Schneier's Applied Cryptography, 2 nd Edition (1997), (hereinafter Schneier). 

As per claims 5-7, the claims recite the use of encryption keys, decryption, one- 
way functions and authentication. These are well known in the art, as taught throughout 
Schneier, such as in pages 28-42. Pin codes are taught throughout Landry and Kia, 
and it would be obvious to encrypt PIN's, because PIN contains sensitive information, 
which should never be sent in the clear. Further, it is common practice that 
authentication is valid if PIN's match a PIN stored in a database, (that's how PIN's or 
passwords work). Further, databases holding security information is taught throughout 
Kia, such as in col. 2 lines 14-20 and in col. 3 lines 15-24 and col. 4 lines 29-37. 

At the time of the invention, it would have been obvious to combine the teachings 
of Schneier with the Landry combination. One of ordinary skill in the art would have 
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been motivated to perform such an addition to be able to provide a secure system. The 
Landry combination is already directed to secure online transactions, and Schneier 
teaches the details of this. 

Claim 18-20, as best understood by the Examiner, are rejected using the same 
basis of arguments used to reject claims 507 above. 

12. Claims 21 -22 are rejected under 35 U.S.C. 1 03(a) as being obvious over Landry 
and as applied above. 

As per claim 21 , the claim recites wherein the smart card is powered by the 
voltage provided by the telephone line. It is well known in the art that telephones are 
powered by the power flowing from telephone lines. Since the Smart Card reader is 
attached to the telephone, as taught in Landry, it would have been obvious to power a 
smart card that is connected to the phone using the voltage provided by the phone, as 
this would reduce the amount of more power sources and voltage lines. Further, Landry 
teaches that the smart card may be powered by the telephone set, in col. 7 lines 50-54. 
As already discussed, many phones are powered by the telephone lines. 

As per claim 22, it is inherent that a smart card would transmit signals via 
contacts. Although the Landry combination does not explicitly teach ISO contacts, it 
would have been obvious to do so, if not inherent. As Landry already teaches utilizing 
contacts, it would have been obvious to utilize ISO contacts, as ISO contacts are well 
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known in the art and used throughout industry. 
ISO contacts for ease of use. 
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It would have been obvious incorporate 



Conclusion 

1 3. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
14. 

1 5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JASON K. GEE whose telephone number is (571)272- 
6431 . The examiner can normally be reached on M-F, 7:00 am to 4:30 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee 
Patent Examiner 
Technology Center 2400 
10/28/2008 
/Kambiz Zand/ 



Supervisory Patent Examiner, Art Unit 2434 



